DETAILED ACTION 

1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible 
for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has 
been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 
CFR 1.114. Applicant's submission filed on 07/05/07 has been entered. Claims 1, 11, 18 and 
29 have been amended. Claims 1-39 are pending. 

Response to Arguments 

2. Applicant's arguments filed with respect to claims 1-39 have been fully considered but 
they are not persuasive. Applicant argues that Levergood US 5,708,780 fails to teach 
associating a security value with a set of commands of the distribution application, receiving one 
of the set of commands on the server from the authenticated user, checking the one command 
for the security value to determine if the one command originated from the authenticated user 
and preventing execution of the one command if the security value is not found with the 
command. Examiner disagrees. 

3. It is understood by the examiner in view of the specification that the phrase 'a set of 
commands' or 'a set of uniform resource locators (URLs) corresponding to a set of commands' 
is equivalent to a URL link or a URL input in which a user can issue a get or post 
command/request by clicking the link or inputting in a URL box [see for example present 
specification pages 11-12, paragraph 0027]. In this case, Levergood teaches a method of 
protecting a distributed application, including associating a security value (SID) with a set of 
commands or a set of uniform resource locators (URLs) corresponding to a set of commands 
(i.e., URLs that are associated with a get or post request/command wherein a session ID is 
attached with the URL that is issued by the command) [see at least column 5, lines 42-column 
6, lines 7, lines and lines 14-31]. Levergood teaches receiving the command (i.e., set of URLs 
issued by a get command) on a server from an authenticated user and checking the one 
command (i.e., checking the URL issued by a get command) for the security value (i.e., SID) 
[column 5, lines 41-49, 64-column 6 line 4 and column 7, lines 14-31 and column 7, lines 35-47]. 
Levergood further teaches checking the one command/URL for the security value to determine 
if the one command/URL originated from the authenticated user (i.e., verifying the validity of the 
SID associated with the URL, column 6, lines 5-27) and preventing execution of the one 
command if the security value is not found with the one command (if the SID is valid executing 
the URL link or if the SID is not found and/or is not valid not executing the URL link, column 5, 
line 65-column 6, line 27). Examiner asserts that the art on record teaches the claim limitations 
and therefore the rejection is respectfully maintained. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 1-39 are rejected under 35 U.S.C. 102(b) as being anticipated by Levergood et 
al. US 5,708,780 (hereinafter Levergood). 

6. As per claims 1, 3, 8-11, 18, 20, 24, 26-29, 31 and 35, Levergood teaches A method for 
protecting a distributed application user, comprising: 
providing a distributed application on a server (i.e., web-pages on a server) [column 5, 
lines 17-41]; 

authenticating a user of the distributed application [column 5, lines 41-50 and column 6, 
lines 27-50]; 

determining, on the server, a security value for the authenticated user (i.e., SID is 
generated for an authenticated user) [column 5, lines 41-64 and column 6, lines 53-column 7, 
line 13]; 

associating the security value with a set of uniform resource locators (URLs) 
corresponding to a set of commands of the distributed application [column 5, line 49-column 6, 
line 4 and column 7, lines 14-31]; 

communicating the security value to a client operated by the authenticated user [column 
5, line 49-column 6, line 4 and column 7, lines 14-31]; 

receiving one of the set of URLs on the server from the client [column 5, line 64-column 
6, line 16 and column 7, lines 14-21]; 

checking the one URL for the security value (i.e., check if SID is attached to the URL) to 
determine if the one command originated from the authenticated user (and validate the SID) 
[column 5, lines 41-49 and column 5, line 65-column 6, lines 26 and column 7, lines 35-47]; and 

preventing execution of the one command if the security value is not found with the one 
command (if the SID is valid executing the URL link or if the SID is not found and/or is not valid 
not executing the URL link, column 5, line 65-column 6, line 27). 
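
The claim elements mapped above describe a server-issued, per-user security value that is appended to command URLs and checked before a command is executed. A minimal sketch of that check follows, as an added example that is not taken from this Office action, the application, or Levergood; the `sid` parameter name, the in-memory store, the command table and all function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

SESSIONS = {}  # hypothetical server-side store: authenticated user -> security value

# Hypothetical command table: URL path -> handler
COMMANDS = {"/app/delete": lambda user, q: f"{user} deleted item {q['item'][0]}"}


def login(user):
    """Determine and store a security value for an already-authenticated user."""
    SESSIONS[user] = secrets.token_urlsafe(32)
    return SESSIONS[user]


def tag_url(url, sid):
    """Associate the security value with a command URL by appending it."""
    parts = urlsplit(url)
    pairs = [(k, v) for k, v in parse_qsl(parts.query) if k != "sid"]
    pairs.append(("sid", sid))
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def handle_request(user, url):
    """Check the received URL for the security value before running the command."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    supplied = query.get("sid", [])
    expected = SESSIONS.get(user)
    # Reject a missing, duplicated, or mismatched value; compare in constant time.
    if (expected is None or len(supplied) != 1
            or not hmac.compare_digest(supplied[0].encode(), expected.encode())):
        return 403, "security value missing or invalid; command not executed"
    handler = COMMANDS.get(parts.path)
    if handler is None:
        return 404, "unknown command"
    return 200, handler(user, query)


if __name__ == "__main__":
    sid = login("alice")
    print(handle_request("alice", tag_url("/app/delete?item=7", sid)))
    print(handle_request("alice", "/app/delete?item=7"))  # no security value
```
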

Application/Control Number: 10/630,283 Page 5 

Art Unit: 2135 

7. As per claims 2, 12, 19 and 30, Levergood further teaches the method further 
comprising returning an error message to the user if the security value is not found with the one 
command (i.e., if no SID is detected with the URL, redirecting it back to the client, column 5, 
lines 46-50 and column 7, lines 41-49). 

8. As per claims 4, 21 and 32, Levergood further teaches the method wherein the security 
value is a pseudo-random number (i.e., session identifier including user identifier, column 3, 
lines 34-41). 

9. As per claims 5, 17, 22 and 33, Levergood further teaches the method further 
comprising storing the security value on the server [column 6, lines 5-23]. 

10. As per claims 6, 13, 23 and 34, Levergood further teaches the method further 
comprising: associating the security value with session information corresponding to the 
authenticated user, and communicating the session information and the security value to the 
authenticated user [column 6, lines 5-23 and column 7, lines 14-21]. 

11. As per claims 7, 25 and 36, Levergood further teaches the method wherein the 
authenticated user operates a client that communicates with the server [column 6, lines 22-26]. 

12. As per claims 14 and 37, Levergood further teaches the method wherein the associating 
step comprises appending the security value to a set of URLs corresponding to a set of 
commands of the distributed application [column 5, line 49-column 6, line 4 and column 7, lines 
14-31]. 
13. As per claims 15 and 38, Levergood further teaches the method wherein the one URL is 
pre-constructed on the server, and wherein the client receives the one URL and the associated 
security value from the server [column 7, lines 14-33]. 

14. As per claims 16 and 39, Levergood further teaches the method wherein the one URL is 
constructed on the client, and wherein the associating step comprises, extracting the security 
value on the client, and appending the security value to the one URL [column 5, lines 52-65]. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W. Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 